Use the Box MCP Server section of the Admin Console to control which Box MCP Server tools are available to users across your enterprise.
You can manage access:
- By category level
- By individual tool
- Or both
This helps you meet your organization’s security, compliance, and governance requirements.
Manage tool access
To manage Box MCP Server tool access:
- Open the Admin Console.
- In the left sidebar, select Integrations.
- Select the Box MCP Server tab.
A table displays tool categories (for example, Files and Folders, Search, Box Hubs). Each row includes:
- An Enablement control
- A Configure button
Set category-level access
To set access for an entire category:
- In the Box MCP Server table, find the tool category you want to configure.
- Select the Enablement control.
- Choose one of the following options:
- Disable all tools — No tools in the category are available to users.
- Enable read-only tools — Only tools that read data are available.
- Enable read & write tools — All tools in the category, including those that create or modify data, are available.
- Custom configuration — You choose which individual tools within the category are available. To configure individual tools, see the next section.
After that, category-level changes take effect immediately.
Configure individual tools
To control access of the specific tools within a category:
- In the Box MCP Server table, find the tool category.
- Select Configure.
A configuration window opens that includes:
- Category name and description
- Enablement options
- Tools grouped under:
- Read only MCP tools
- Write MCP tools
- A toggle for each tool
How controls stay in sync
- Selecting an Enablement option updates all tool toggles.
- Enable read & write tools turns on all tools.
- Disable all tools turns everything off.
- Changing individual toggles updates the Enablement selection.
- Only read tools enabled → Enable read-only tools
- All tools enabled → Enable read & write tools
- All tools disabled → Disable all tools
- Any other combination → Custom configuration
- After you click Save, a confirmation message appears.
Search for tools
You can find a specific tool without browsing categories by using Admin Console search.
To find a tool:
- Use the search bar at the top of the Admin Console.
- Enter a keyword.
- Select a result.
The Admin Console navigates to the Box MCP Server page and opens the relevant category configuration.
Enforcement behavior
When a tool is disabled:
- Box removes it from the tool list returned to the MCP client.
- Agents cannot discover or use it.
If a tool is disabled after discovery:
- Box enforces the change at runtime.
- The MCP Server returns an error such as:
Tool has been disabled by the enterprise admin. Contact your enterprise admin for more information.
During an active session:
- The user might see a generic error (for example, “tool not found”).
- The exact message depends on the MCP client.
Audit tool enablement changes
To review when and how tool settings changed:
- Open the Admin Console.
- In the left sidebar, select Reports.
- Select Create Report, then select Security Logs.
- Under Integrations, select Changed MCP Tools Enablement Status.
The report includes:
| Field | Description |
|---|---|
| User | Admin who made the change |
| Category | Modified tool category |
| Setting | Setting that changed |
| Original Value | Previous value |
| New Value | Updated value |
| Date | When the change occurred |
For more information, see Security Logs Report.
- Some categories might be unavailable. Categories such as Hubs or AI might not be available for every enterprise. Check your subscription for details.
- Settings are enterprise-wide. In this release, tool enablement settings apply globally to the enterprise. Per-client and user- or group-level tool controls are not included.